Navigating the Future Key Trends for CAEs to Watch in 2025 By PRASHANT PANAVALLI, Principal, Forvis Mazars As they navigate the choppy waters of a constantly evolving banking environment, chief audit executives (CAEs) within large financial institutions find themselves at the helm of unique challenges and intricate risks. Simple proficiency in risk management is no longer sufficient. Understanding the key risks, emerging trends and transformative technologies that continue to shape the internal audit shoreline going forward into 2025 remains a critical mandate for many financial institutions. CAEs need to know how to stay ahead of these changing trends as they continue to reverberate throughout the broader banking ecosystem. EMERGING TECHNOLOGIES In recent years, the banking industry has been transformed by the swift pace of technological advancements. While these innovations offer opportunities for efficiency and growth, they also present significant risks and challenges. The following are four technology trends impacting financial institutions: • Cloud Services: Banks continue to expand their cloud computing services. CAEs must assess the security, privacy, data and operational needs of the cloud, including establishing cloud services policies, roles, responsibilities and processes. Internal audit also should assess the cloud’s design and architecture, including its scalability, redundancy and performance. In addition, the cloud’s security measures should be evaluated to assess encryption protocols, access controls, vulnerability management and incident response capabilities. • Artificial Intelligence (AI): CAEs must establish appropriate guardrails to manage AI, including governance, policies, monitoring and risk mitigation. AI can be used to automate routine and manual internal audit functions such as reconciliations, compliance checks and data extraction and provide greater agility to internal audit teams. However, organizations should take action to have an AI model development policy in place to help avoid potential risks. • Endpoint Security: With the hybrid workplace introducing new and extended cybersecurity risks, CAEs need to perform endpoint security audits to assess vulnerabilities and help ensure appropriate security measures. Internal audit 18 WEST VIRGINIA BANKER
RkJQdWJsaXNoZXIy MTg3NDExNQ==